English

Execution at RISC: Stealth JOP Attacks on RISC-V Applications

Cryptography and Security 2023-07-25 v1 Software Engineering

Abstract

RISC-V is a recently developed open instruction set architecture gaining a lot of attention. To achieve a lasting security on these systems and design efficient countermeasures, a better understanding of vulnerabilities to novel and potential future attacks is mandatory. This paper demonstrates that RISC-V is sensible to Jump-Oriented Programming, a class of complex code-reuse attacks. We provide an analysis of new dispatcher gadgets we discovered, and show how they can be used together in order to build a stealth attack, bypassing existing protections. A proof-of-concept attack is implemented on an embedded web server compiled for RISC-V, in which we introduced a vulnerability, allowing an attacker to remotely read an arbitrary file from the host machine.

Keywords

Cite

@article{arxiv.2307.12648,
  title  = {Execution at RISC: Stealth JOP Attacks on RISC-V Applications},
  author = {Loïc Buckwell and Olivier Gilles and Daniel Gracia Pérez and Nikolai Kosmatov},
  journal= {arXiv preprint arXiv:2307.12648},
  year   = {2023}
}

Comments

16 pages. arXiv admin note: text overlap with arXiv:2211.16212

R2 v1 2026-06-28T11:38:27.710Z